Attackers could have remotely installed malware on systems running a flawed Dell support tool used to detect customers’ products.
A security researcher discovered the flaw in November and reported it to the PC manufacturer, which patched it in January. However, it’s not clear if the fix closed all avenues for abuse.
The application, called Dell System Detect, is offered for download when users click the “Detect Product” button on Dell’s support site for the first time. It is meant to help the website automatically detect the user’s product—more specifically its Service Tag—so that it can offer the corresponding drivers and resources.